Cloud storage is easy to come by. Dozens of services shovel tons of free space to you just for signing up. But which of those services are looking at the files you upload, and most importantly, which services encrypt your personal data so no one can look at it? Let's take a look.

You already know why you should care about your privacy, even if you think you have nothing to hide. Privacy is even more important when it comes to cloud storage. You trust the service you sign up for to keep your files safe and secure and away from prying eyes. Whether you use your cloud storage for music, tax returns, or backups, it's still important to know that your provider isn't rifling through your files to make sure the music isn't pirated. If their servers ever get hacked, you want to know your tax returns and financial documents are safe.

When we asked you for the best cloud storage providers, many of you asked an important question: Which services offered encryption or other security tools to keep your data safe from, well, anyone but you? Let's take a look.

Cloud Storage Services with Encryption Rolled In

Encryption works. Whether you want to protect your documents from potential identity thieves, want your files locked down in case your laptop or phone is lost or stolen, or you're concerned about the whole NSA spying scandal, encrypting them is the only way to make sure you're the only one with access to them. That is, without a ton of effort, anyway. Here are some of the services that have encryption built into their technology.

SpiderOak starts you off with 2GB for free, with more storage available at $10/mo for each additional 100GB you need. All of your files are encrypted locally on your computer, and then uploaded to SpiderOak's servers, and any changes you make to your files and folders are synced with the local decrypted versions before being secured and uploaded.

SpiderOak's "Zero Knowledge" privacy policy notes that because the encryption process takes place locally, they have no way of knowing what you're storing with them. Essentially, your data is completely private because you're the only person who knows what's being encrypted and transmitted. The only unencrypted versions live on your local computer. Also, since your data is encrypted locally with a password you choose, they have absolutely no way of decrypting it to see what's in your data store. At the same time, this also means that if you lose your password, SpiderOak can't retrieve it—or decrypt your locked files—for you.

In the past, SpiderOak limited its remote access and syncing options, but SpiderOak Hive, their new syncing service, along with their iOS and Android apps, lets you take your encrypted files on the go. The encryption and decryption process still takes place locally, but the only thing that's stored on SpiderOak's servers is your password, so they can authenticate you and direct you to the right files. When your remote session is over, they destroy your password, so you can be comfortable that you're the only person who can access your files. If you're looking for a secure option that stores your files in an encrypted form but doesn't sacrifice usability, SpiderOak is definitely worth a look.

SpiderOak uses a combination of 2048 bit RSA and 256 bit AES to encrypt your files. According to SpiderOak:

Most importantly, however, the outer level keys are never stored plaintext on the SpiderOak server. They are encrypted with 256 bit AES, using a key created by the key derivation/strengthening algorithm PBKDF2 (using sha256), with 16384 rounds, and 32 bytes of random data ("salt"). This approach prevents brute force and pre-computation or database attacks against the key. This means that a user who knows her password, can generate the outer level encryption key using PBKDF2 and the salt, then decipher the outer level keys, and be on the way to decrypting her data. Without knowledge of the password, however, the data is quite unreadable.
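
The key hierarchy SpiderOak describes, sketched as an added example (not SpiderOak's code): a password-derived key wraps a random data key, so a server holding only the wrapped record cannot decrypt anything without the password. The PBKDF2 parameters come from the quote above; the AES-GCM mode, the function names and the sample passwords are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const PBKDF2_ROUNDS = 16384; // rounds stated in the quote
const SALT_BYTES = 32;       // salt size stated in the quote
const KEY_BYTES = 32;        // 256-bit AES key

// Derive the key-encryption key (KEK) from the password and salt.
function deriveKek(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ROUNDS, KEY_BYTES, 'sha256');
}

// Wrap a data key under the password-derived KEK. The returned record is
// all a server would need to store; it contains neither password nor KEK.
// Assumption: AES-256-GCM. The quote names AES-256 but not a mode.
function wrapKey(password, dataKey) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKek(password, salt), iv);
  const wrapped = Buffer.concat([cipher.update(dataKey), cipher.final()]);
  return { salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Returns the data key, or null if the password is wrong or the record
// was modified (the GCM tag check fails in both cases).
function unwrapKey(password, record) {
  const kek = deriveKek(password, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.wrapped), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed demo: sample passwords and a random data key.
function demo() {
  const dataKey = crypto.randomBytes(KEY_BYTES);
  const record = wrapKey('correct horse battery staple', dataKey);
  const ok = unwrapKey('correct horse battery staple', record);
  const bad = unwrapKey('wrong password', record);
  return {
    recovered: ok !== null && ok.equals(dataKey),
    wrongRejected: bad === null,
    storedFields: Object.keys(record),
  };
}

console.log(demo());
```

The same property explains the trade-off the article mentions: with no copy of the password or KEK on the server, a forgotten password leaves the wrapped key unrecoverable.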

Wuala encrypts your files locally, and then uploads them to the cloud for safe keeping. You start with 5GB for free, and after that it's $4/mo for 20GB, $7/mo for 50GB, or $12/mo for 100GB. Like SpiderOak, Wuala handles encryption and decryption locally using a password you set, so no one can access your files.

Furthermore, Wuala uploads different segments of your files to different servers, so they can't even identify what data belongs to which users. Your password is never transmitted anywhere, and again, this means that if you forget it and don't have unencrypted versions of your files locally, you're out of luck. You don't sacrifice features to get this level of security though. Wuala offers file versioning, cross-computer syncing, and mobile apps to help you keep working when you're on multiple computers or away from your desk.

In order to give you access to your files on the go (and in order to share files with others) Wuala does have to make some compromises in the security department. They're not much deeper than SpiderOak's, but they're similar—when you share a file with someone, the file is unencrypted so they can access it without your password. If you put files in your public folder, they're definitely unencrypted. When you sync and access your files on mobile devices, your password is required in order to encrypt and decrypt your files, and Wuala uses it to make sure you are who you say you are. The decryption process still takes place locally, but Wuala does—temporarily—have your password.

Wuala uses AES-256 for encryption, RSA 2048 for signatures and for key exchange when sharing folders, and SHA-256 for integrity checks. You can read more about their approach to security here and here.

Like other encrypted cloud storage services, all encryption takes place locally on your computer. This means that no one can decrypt those files without your password—including Tresorit employees. Tresorit supports Windows and OS X on the desktop, and has mobile apps for Android, iOS, and Windows Phone. One place Tresorit shines (and has a lot of potential) is in sharing encrypted files. You can share files and grant specific permissions to users you specify, but those files are still encrypted until they download and open them.

As for their encryption technologies, Tresorit encrypts all files with AES-256 before they're uploaded. Beyond that, they note:

Additional security is provided before upload by HMAC message authentication codes applied on SHA-512 hashes. Encrypted files are uploaded to the cloud using TLS-protected channels.

Mega is the brainchild of former Megaupload mogul Kim Dotcom. Signing up for a free account gets you 50GB of space. Pro accounts come in different sizes, including 9.99 € (~$13)/mo or 99.99 € (~$130)/yr for 500GB and go all the way up to 4TB. Unlike the other services, there are no desktop apps, no syncing, and no mobile apps. Everything happens in your web browser (there is an Android app, but Mega says nothing about it on their site aside from "mobile apps are coming soon," so YMMV).

When you sign up, you choose a password and Mega generates the keys used to encrypt and decrypt your data. Files are encrypted before they're uploaded and decrypted after download by your web browser. Those encrypted files are then transferred via SSL. However, Mega's encryption is user controlled (UCE), meaning that your password is king. Accounts with no files or folders can reset their password, but once you upload data, losing your password means you lose access to your files. Not everything with Mega is encrypted however. Your files and folders are, but unlike other services, your folder structure and file ownership details aren't, and Mega can access them (although they can't see or access the files inside). You can read more about those limitations here. From an encryption standpoint, Mega says:

For bulk transfers, AES-128 (we believe that the higher CPU utilization of AES-192 and AES-256 outweighs the theoretical security benefit, at least until the advent of quantum computers). Post-download integrity checking is done through a chunked variation of CCM, which is less efficient than OCB, but not encumbered by patents.

For establishing shared secrets between users and dropping files into your inbox, RSA-2048 (the key length was chosen as middle grounds between "too insecure" and "too slow"). All encryption, decryption and key generation is implemented in JavaScript, which limits throughput to a few MB/s and causes significant CPU load. We are looking forward to the implementation of the proposed HTML5 WebCrypto API in all major browsers, which will eliminate this bottleneck.

JavaScript's built-in random number generator is enhanced through a mouse/keyboard timing-driven RC4 entropy pool as well as crypto.* randomness where available (Chrome only at the moment).

An important thing to remember about Mega is that while they offer a lot of storage and make some big privacy promises (and they say mobile apps and desktop tools are on the way soon), their encryption is actually weaker and less robust than many of the other cloud storage options available. They draw a line between security, speed, and massive storage.

The Cloud Storage Services that Don't Value Your Privacy

You may have noticed that some of the big names in cloud storage aren't listed above. That's not because they're insecure or because they don't care about your privacy; it's just because they don't offer the same tools or privacy promises that the services above do. In the worst case, it's because they actually say outright that they scan your files for content they deem "inappropriate."

The services we've highlighted have similar privacy policies (which you should read before signing up). They'll respond to subpoenas and court orders, but because of the way your data is stored and encrypted, most of them don't even know where your data is on their servers, much less how to decrypt it, so they physically can't give it to someone who comes asking for it.

Remember, You Can Always Do It Yourself

When we highlighted the five best cloud storage services, many of your choices were based on how much storage you could get (usually more than the free plans above) and how tightly those services integrated with other services you use. With some of the above options, syncing can be slow because your files have to be encrypted before uploading, decrypted after downloading, and secure connections have to be established. If you want speed and tons of storage along with security and encryption, you can have it by using a third party tool to encrypt your data locally.

Finally, don't forget that the most secure cloud storage solution is the one that you have complete control over. Like we said above, Mega sounded great until researchers highlighted its vulnerabilities. The other services could have vulnerabilities too, but they're not under the same scrutiny. Using cloud storage inherently means giving your files—encrypted or otherwise—to someone else. If you want to keep them close but still access them everywhere, you can always use a large hard drive or a NAS and roll your own syncing cloud service with OwnCloud. You could even power it with a Raspberry Pi and keep the overhead low.

Whatever you do, make sure to take your security and privacy into consideration before you upload to the cloud. You don't have to give up convenient access to your files anywhere you go to protect your privacy. You just have to choose the right cloud storage provider—or take matters into your own hands.